Developer's Guide to Oracle Solaris Security

Preface

The Developer' Guide to Oracle Solaris Security describes the public application programming interfaces (API) and service provider interfaces (SPI) for the security features in the Oracle Solaris operating environment. The term service provider refers to components that are plugged into a framework to provide security services, such as cryptographic algorithms and security protocols.

Note –

This Solaris release supports systems that use the SPARC and x86 families of processor architectures. The supported systems appear in the Solaris OS: Hardware Compatibility Lists. This document cites any implementation differences between the platform types.

In this document these x86 related terms mean the following:

“x86” refers to the larger family of 64-bit and 32-bit x86 compatible products.
“x64” relates specifically to 64-bit x86 compatible CPUs.
“32-bit x86” points out specific 32-bit information about x86 based systems.

For supported systems, see the Solaris OS: Hardware Compatibility Lists.

Who Should Use This Book

The Developer' Guide to Oracle Solaris Security is intended for C-language developers who want to write the following types of programs:

Privileged applications that can override system controls
Applications that use authentication and related security services
Applications that need to secure network communications
Applications that use cryptographic services
Libraries, shared objects, and plug-ins that provide or consume security services

Note –

For Java-language equivalents to the Oracle Solaris features, see http://java.sun.com/javase/technologies/security/.

Before You Read This Book

Readers of this guide should be familiar with C programming. A basic knowledge of security mechanisms is helpful but not required. You do not need to have specialized knowledge about network programming to use this book.

How This Book Is Organized

This book is organized into the following chapters.

Chapter 1, Oracle Solaris Security for Developers (Overview) provides an introduction to the Oracle Solaris security.
Chapter 2, Developing Privileged Applications describes how to write privileged applications that use process privileges.
Chapter 3, Writing PAM Applications and Services explains how to write a pluggable application module (PAM).
Chapter 4, Writing Applications That Use GSS-API provides an introduction to the Generic Security Service Application Programming Interface (GSS-API).
Chapter 5, GSS-API Client Example and Chapter 6, GSS-API Server Example each provide a walk-through of GSS-API examples.
Chapter 7, Writing Applications That Use SASL describes how to write applications for the Simple Authentication Security Layer (SASL).
Chapter 8, Introduction to the Oracle Solaris Cryptographic Framework provides an overview of the Oracle Solaris cryptographic framework, both at the user level and kernel level.
Chapter 9, Writing User–Level Cryptographic Applications and Providers describes how to write consumers and providers for the user level of the Oracle Solaris cryptographic framework.
Chapter 10, Introduction to the Oracle Solaris Key Management Framework describes programming interfaces and administrative tools for managing Public Key Infrastructure (PKI) objects in Oracle Solaris.
Appendix A, Sample C–Based GSS-API Programs provides complete code listings for the GSS-API examples.
Appendix B, GSS-API Reference provides reference information for various items in the GSS-API.
Appendix C, Specifying an OID describes how to specify a mechanism. This technique is used in cases where a mechanism other than the default mechanism is to be used.
Appendix D, Source Code for SASL Example provides complete code listings for the SASL examples.
Appendix E, SASL Reference Tables provides brief descriptions of the major SASL interfaces.
Appendix F, Packaging and Signing Cryptographic Providers describes how to package and sign cryptographic providers.
Glossary provides definitions for security terms that are used throughout the manual.

Documentation, Support, and Training

See the following web sites for additional resources:

Documentation
Support
Training – Click the Sun link in the left navigation bar.

Oracle Welcomes Your Comments

Oracle welcomes your comments and suggestions on the quality and usefulness of its documentation. If you find any errors or have any other suggestions for improvement, go to http://docs.sun.com and click Feedback. Indicate the title and part number of the documentation along with the chapter, section, and page number, if available. Please let us know if you want a reply.

Oracle Technology Network offers a range of resources related to Oracle software:

Discuss technical problems and solutions on the Discussion Forums.
Get hands-on step-by-step tutorials with Oracle By Example.
Download Sample Code.

Typographic Conventions

The following table describes the typographic conventions that are used in this book.

Table P–1 Typographic Conventions


Typeface	Meaning	Example
`AaBbCc123`	The names of commands, files, and directories, and onscreen computer output	Edit your `.login` file. Use `ls -a` to list all files. `machine_name% you have mail.`
`AaBbCc123`	What you type, contrasted with onscreen computer output	`machine_name%` `su` `Password:`
`aabbcc123`	Placeholder: replace with a real name or value	The command to remove a file is `rm` `filename`.
AaBbCc123	Book titles, new terms, and terms to be emphasized	Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples

The following table shows the default UNIX system prompt and superuser prompt for shells that are included in the Oracle Solaris OS. Note that the default system prompt that is displayed in command examples varies, depending on the Oracle Solaris release.

Table P–2 Shell Prompts


Shell	Prompt
Bash shell, Korn shell, and Bourne shell	`$`
Bash shell, Korn shell, and Bourne shell for superuser	`#`
C shell	`machine_name%`
C shell for superuser	`machine_name#`